Privacy Policy

This privacy policy sets out how MDS Ltd uses and protects any information that you give MDS Ltd when you engage with us. It describes how we collect, use and process your personal data, and how, in doing so, we comply with our legal obligations to you. Your privacy is important to us, and we are committed to protecting and safeguarding your data privacy rights. Should we ask you to provide certain information by which you can be identified, then you can be assured that it will only be used in accordance with this policy.

This Privacy Policy applies to the personal data of our Website Users, Candidates, Employees, Trainees, Alumni, Members and Directors, and other people whom we may contact in order to find out more about our Candidates or whom they indicate is an emergency contact or referee.

MDS Ltd may occasionally change this policy by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from 25 May 2018.


To summarise the policy here are key bullet points. Further details and information is contained below.

  • By submitting data to us you agree to us storing your information.
  • All Trainees’ and Employees’ details are stored for the duration of your employment to provide you with the best possible experience and to comply with our contractual and legal obligations. After employment, a limited amount of your data is kept and you will have the right to opt out of communications with us.
  • As a trainee we may share your data with a limited number of third parties including tutors, education providers, member companies, prospective trainees.
  • MDS Alumni data is stored for the purpose of event invites, job opportunities, surveys and newsletters. It will not be shared with third parties unless you ask us to and you can withdraw your consent for us to contact you at any time.
  • Member data is stored for contractual purposes and will only be shared with prospective trainees and candidates who seek a role at the company. It may also be shared with other Members.
  • We will store your data in line with this policy and in line with GDPR.
  • We will inform the relevant authority and yourself if there is a breach in data protection.
  • Data stored on the MDS Ltd Office 365 system is password protected and is a secured network. Paper documents are stored in a locked cupboard which only MDS Staff have access to.
  • You can ask us to remove your details, to see your details and to update your details at any time. There is no charge for this.


We refer to ‘Candidates’ as those who apply for the MDS scheme by completing the online application form or those who submit an application for a role within the MDS team.

We refer to ‘Employee’ or ‘Staff’ as those who are employed by MDS other than trainees.

We refer to ‘Trainees’ as those who are successful at interview and become employed by MDS on the graduate scheme. ‘Members’ own Trainees’ are employees of members who attend the MDS training programme.

We refer to ‘Alumni’ as our former trainees.

We refer to ‘Members’ as organisations who have a contract with MDS to provide secondments and access our training services.

We refer to ‘Directors’ as members of our Board who represent Member companies.

Explaining the lawful bases we rely on

The law on data protection sets out a number of different reasons for which a company may collect and process your personal data, including:

In specific situations, we can collect and process your data with your consent.

For example, when you tick a box to receive email newsletters. When collecting your personal data, we’ll always make clear to you which data is necessary in connection with a particular service.

Contractual obligations
In certain circumstances, we need your personal data to comply with our contractual obligations.

For example, in order to provide a member with a suitable trainee, we’ll need the contact details of those involved in organising the secondment. Another example would be needing a trainee’s bank details in order to pay them a salary.

Legal compliance
If the law requires us to, we may need to collect and process your data.

For example, we need to pass employee & trainee details onto our pension providers so that they can be opted in to pension contributions and be given the option to opt out.

Legitimate interest
In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests.

For example, we may use data about secondments offered and completed for reporting purposes.

When do we collect information about you?

  • When you visit our website.
  • When you apply for a position via MDS, either for our graduate scheme or for a permanent role with us or with a Member company.
  • When you agree to take up an offer of employment to join MDS and send us the required on boarding information.
  • When as a trainee or employee you submit any documentation or information such as PDP, reviews, absence notifications, profiles and assignments which are required of you as an employee and as part of the graduate scheme.
  • When you become a Director of MDS Ltd.When you engage with us on social media.
  • When you contact us by any means with queries, complaints etc.
  • When you ask any Member, Trainee, Alumni or Employee of MDS to provide you with more information about the services we offer.
  • When you agree for us to send you marketing material (e.g. careers fair follow up information).
  • When you book to attend an event, for example an open day.
  • When you choose to complete any surveys we send you.
  • When you comment on or review our products and services.
  • When you’ve given a third party permission to share with us the information they hold about you.
  • We collect data from publicly-available sources, when you have given your consent to share information or where the information is made public as a matter of law.

What information do we collect about you?

We may collect the following information:


Categories of data Lawful basis for processing and purpose of processing
  • Name
  • Contact information including email
  • address, and phone number
  • Demographic information such as
  • address and details of disabilities
  • Preferences, skills and interests
  • Details of current and previous
  • employment and education
  • CV
Legitimate interest
For the purpose of recruitment.


Categories of data Lawful basis for processing and purpose of processing
  • Bank details
In order to pay your salary and expenses.
  • Reference contacts
  • Next of kin
  • Details of performance
Legitimate interests
For personnel files.
  • Driving license, car insurance and copy of passport
  • Tax and pension details
Legal obligation
To ensure that you are legally allowed to work and drive in the UK. To ensure that you pay tax and are opted into a pension scheme.


Categories of data Lawful basis for processing and purpose of processing
  • Photograph
  • Videos
To be displayed in the office for recruitment purposes and to display within the MDS profile books which is shared with Member companies.
To be used for promotional materials which may be shared with associated PR company and website designers.
  • Bank details
In order to pay your salary and expenses.
  • Reference contacts
  • Emergency contact details
  • Details of performance (review documentation)
  • PDP work
  • H&S Forms
  • End of secondment questionnaire and review board feedback
  • Training records and results (e.g. MBTI score)
  • Secondment history, skills and achievements (via your MDS profile)
Legitimate interests
For personnel files and in order to monitor the value of secondments and training.
  • Driving license, car insurance and copy of passport
  • Tax and pension details
Legal obligation
To ensure that you are legally allowed to work and drive in the UK. To ensure that you pay tax and are opted into a pension scheme.


Categories of data Lawful basis for processing and purpose of processing
  • Name and contact details
  • Current job role and career history
To receive newsletters, respond to enquiries and research requests, to receive information about events and services. (as long as you have agreed to this at the point of providing your information and for as long as you do not opt-out.) To aid us with marketing, promotional events and in order to identify potential new members. Also used for statistical purposes.
  • Group number
  • Secondment history
  • First post-MDS role and company
Legitimate interests
To improve our services and record data for statistical purposes.


Categories of data Lawful basis for processing and purpose of processing
  • Name and contact details
Obligation to share with trainees in order to place trainees within the organisation.


Categories of data Lawful basis for processing and purpose of processing
  • Name, contact details, date of birth, job title and other directorships
Legal obligation
Required by the FCA to be included on the annual return.

Website users

Categories of data Lawful basis for processing and purpose of processing
  • Details of your visits to our website
  • Information gathered by the use of cookies in your web browser
Legitimate interests
To ensure that our website functions properly and in order to improve user experience.

What do we do with the information we gather?

The main reason for using your personal details is to help trainees to secure suitable secondments and permanent employment and to provide members with suitable candidates for their vacancies. Where appropriate and in accordance with local laws and requirements, we may also use your personal data for things like marketing and diversity monitoring.

If appropriate, we will seek your consent to undertake some of these activities. We may also seek your consent to collect, hold, and use and disclose your personal information for any other purpose not listed here.

We require this information to understand your needs and provide you with a better service, and in particular for the following reasons:

  • Internal record keeping.
  • To improve our services.
  • We may periodically send promotional emails about job opportunities, newsletters, MDS events or other information which we think you may find interesting using the email address which you have provided.
  • From time to time, we may also use your information to contact you for market research purposes.
  • We may use your data for statistical purposes to better understand the impact of our work and areas of improvement. Unless permission is expressly requested, names are not included and the data will be non-identifiable.
  • Trainee personal development plans, reviews and feedback from members will be stored and used to understand areas of development and to provide you with appropriate secondment and training opportunities.
  • We may contact you by email, post or phone. You can update these details at any time by emailing

Where do we store your personal data?

We keep your data on areas of “MDS Office 365” which can only be accessed by MDS office staff and the IT provider who have password access to the specific information. Office 365 if a cloud based storage and software service provided by Microsoft, who have their own policy regarding data, if you wish to view this click here.

We do our upmost to keep this system secure and we do not share passwords. Printed or written documents containing personal information are only stored in locked cupboards which only MDS staff have access to.

If we have consent to do so, we may display your photo in the MDS office, on our website or on social media.

Candidates’ applications submitted on our website will be stored there for a limited period of time. Our website has an SSL certificate, which encrypts connections and protects sensitive data appropriately.

Who do we share your personal data with?

Initially data is shared within the organisation.

We may also release personal information to regulatory or law enforcement agencies, if they require us to do so. We will also disclose your information where we are permitted and requested to do so by law.

We may share your personal data with various parties, in various ways and for various reasons as explained under the headings below.


We will not share your information with any third party.


If you become an employee, we will share your information with our outsourced payroll service, health insurance, pension and IT support providers.


Primarily we will share your CV or profile with Members to secure your secondments and permanent roles. We may also share anonymised versions of your profile with potential new members, candidates or training providers.

We may share your information with training providers and other third parties in order to provide you with the best learning opportunities whilst on the graduate scheme.

In addition, we will share your information with our outsourced payroll service, pension and IT support providers.

We may also share contact information with prospective trainees who are invited to the assessment day so they can find out more about the scheme.


We will share your CV and covering letter with a member if you apply for a permanent position that we are advertising on their behalf.

We will share your name and email address with Mail Chimp in order to keep in contact with you if you opt in to receive information about our events and information about our services. Click here to view their privacy policy.


We will share your contact details with Trainees and Alumni primarily to ensure that we provide you with suitable candidates for any secondments or jobs you are looking to fill. We may also share your details with other Members in order to allow for collaboration and sharing of good practice amongst the membership, but we will seek your permission before doing so.


We will share your contact details with Trainees so that they may contact you with queries or for support. We will share your address, year of birth, title and other directorships with the Financial Conduct Authority as part of the annual return.

How long do we keep your personal data for?

We keep emails for up to 6 years unless otherwise stated below.


Unsuccessful applicants’ information will be stored for a period of up to 1 year. The same will apply for those who withdraw from the scheme before starting.

Trainees and Employees

Current personal data of trainees and employees will be stored for 6 years after they leave the scheme. Data regarding financial and payroll information will be kept for 6 years in line with legal and regulatory obligations.


We will keep your name, group number, contact details and post-MDS roles indefinitely unless you ask us not to. This is to be used for the purpose of keeping in touch in regards to MDS events and opportunities.

You can opt out of our communications at any time and you can request that your name be deleted from our records.

We will still record your group number employment dates and secondments for statistical purposes.

If you apply for a job with a Member via us and submit your CV and covering letter, we will keep these for a period of up to 6 months.


We keep Member company key contact details on file for as long as the business is a Member of MDS Ltd and for 6 years after the business has left the Membership. Member employees can tell us at any time that they wish to be removed from our contact lists by

When we are made aware that a key contact at a Member company has left the business, we will delete their contact details from our system within one month.

Once a Member has left the MDS membership, we will keep contact details on file for 6 years in case of audit queries.

When contact details of an employee within a potential Member company are passed on to us, we keep these for 1 year. If no meaningful contact is received within this time, we will remove the details from our system. When we refer to “meaningful contact”, we mean, for example, communication between us (either verbal or written), where you ask for more information about or are actively engaging with our services. We will also consider it meaningful contact if you communicate with us about potential roles, either by verbal or written communication or click through from any of our marketing communications. Your receipt, opening or reading of an email or other digital message from us will not count as meaningful contact – this will only occur in cases where you click-through or reply directly.


We keep director details indefinitely as they are on the FCA annual return.

Summary of referee and emergency contact data

In order to provide Candidates, Employees and Trainees with suitable employment opportunities safely and securely and to provide for every eventuality for them, we require the details of referees and emergency contacts. We only ask for very basic contact details, so that we can get in touch with you either for a reference or because you’ve been listed as an emergency contact for one of our Candidates or employees.

Referee contact details are included as part of the application process. Documents linked to an employee or trainee’s application are destroyed 6 years after an employee leaves the company. For unsuccessful applicants, application forms, and therefore referee details, are deleted within 1 year of applying.

Emergency contact details will be deleted with the employee’s employment details within 6 years of them leaving the business.

They are stored on the MDS Office 365 system in a secure manor. Referee details will also be stored with the application form on the website, which has an SSL certificate in order to protect sensitive data.

They are not shared or sold to any third parties.

How can you access, amend or take back your personal data?

Even if we already hold your personal data, you still have various rights in relation to it. We will seek to deal with your request within 30 days, and in any event in accordance with the requirements of any applicable laws. Please note that we may keep a record of your communications to help us re§solve any issues which you raise. If we choose not to action your request we will explain to you the reasons for our refusal.

Your right to withdraw consent
Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent by emailing us at the address found below.

Where we rely on our legitimate interest
In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.

Accuracy of your data
If you believe that any information we are holding on you is incorrect or incomplete, please write to us as soon as possible. We will promptly correct any information found to be incorrect. If we are made aware that your details are no longer correct we will delete this information.

Subject Access Request
You may request details of personal information which we hold about you under the Data Protection Act 1998. No fee is required. If you would like a copy of the information held on you please get in touch.

Direct marketing
You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request.

Checking your identity
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Notice. If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act.

If you would like to exercise any of the above rights or ask for further information, please email


We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect. These include measures to deal with any suspected data breach.

In the event of a security breach, the Information Commissioner’s Office (ICO) will be notified within 72 hours of becoming aware of the breach. You will also be notified as soon as possible, in order to protect yourself from the breach. We will provide you with the likely consequences of the breach and what measures are taken or proposed to be taken to deal with the personal data breach and including, where appropriate, the measures taken to mitigate any possible adverse effects.

If you suspect any misuse or loss of or unauthorised access to your personal information please let us know immediately. Details of how to contact us can be found on the bottom of this document and on our website.


How we use cookies

A cookie is a small file that is stored on your computer’s hard drive. They are used by nearly all websites and do not harm your system, the cookie helps analyse web traffic or lets you know when you visit a particular site. Each cookie expires automatically after a certain period of time.

Overall, cookies help us provide you with a better website by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

Which cookies are used

Essential Cookies
Certain cookies are necessary in order for the site to operate correctly. For example, we use cookies to authenticate you. When you log on to the portal section of our website, authentication cookies are set which let us know who you are during a browsing session.

We use cookies to identify when you have logged on. And we use cookies within the website in order to separate human visitors from robots.

We collect information about your general geographic information.

Performance Cookies
Using Google Analytics which gathers information allowing us to understand interactions with our websites and ultimately refine that experience to better serve you.

These cookies are used to distinguish users and to throttle request rates.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

Links to other websites
Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Your acceptance of this Privacy Policy

By using our services or applying to work for MDS Ltd you consent to the collection and use of your personal information in the ways specified above in our privacy policy.
You have a legal right to a copy of all personal information about you held by us.
You also have a right to correct any errors in that information.
It is your responsibility to ensure that your Personal Data is accurate.

Please feel free to contact us if you have any queries surrounding this policy.


Write to us: MDS Ltd, Unit 14 Papyrus Business Parc, Werrington, Peterborough, PE4 5BH.